This page documents production updates to Confidential Space. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/confidential-space-release-notes.xml
February 28, 2024
Data collaborators can now check if memory monitoring is enabled on a Confidential VM running a Confidential Space workload.
A new Confidential Space image (240200) is now available. This image provides support for data collaborators to add memory monitoring as part of their attestation assertions.
December 18, 2023
A workload operator can now enable memory monitoring on the Confidential VM running the workload. This must be permitted by the workload author.
A new Confidential Space image (231201) is now available. This image provides support for Confidential VM memory monitoring.
December 05, 2023
You can now use custom attestation tokens to authenticate a workload to relying parties outside of Google Cloud. External relying parties can use authentication to help establish trust and exchange sensitive data securely.
A new Confidential Space image (231200) is now available. This image provides support for custom attestation tokens.
November 22, 2023
November 20, 2023
Support for VPC Service Controls is released to General Availability.
You can now protect Confidential Space using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.
November 08, 2023
Support for VPC Service Controls is released to Preview.
You can now protect Confidential Space using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.
November 03, 2023
A new Confidential Space image (231001) is now available. This image provides support for signing container images.
October 04, 2023
A new Confidential Space image (230901) is now available. This image provides improved logging capabilities and increases the file descriptor limits.
June 30, 2023
A new Confidential Space image (230600) is now available. This image provides support for opening ports for inbound network traffic to your workload.
June 09, 2023
Ports can now be opened for ingress network traffic when using Confidential Space image version 230600 and above.
March 28, 2023
Confidential Space is now generally available.
Confidential Space is designed to let parties share sensitive data with a mutually agreed upon workload, while they retain confidentiality and ownership of that data. Such data might include personally identifiable information (PII), protected health information (PHI), intellectual property, cryptographic secrets, and more. Confidential Space helps create isolation so that data is only visible to the workload and the original owners of the data.
March 27, 2023
The assertion.swversion attestation assertion now verifies the Confidential Space image version number the workload is being run on, with the result returned as a list. Previously the assertion was used to determine whether the workload was running on a production or debug Confidential Space image, and the result was returned as an integer. You now determine if a production or debug image is being used with the assertion.dbgstat assertion.
The assertion.submods.confidential_space.support_attributes assertion can be used to verify the support status of the Confidential Space image being used. It can be used, for example, to ensure that the workload is running on the latest version of the Confidential Space image.
February 28, 2023
A new Confidential Space image (2302-0) is now available. This image provides support for the following features and fixes:
- Attestation is now run in the same location as your workload.
- The launcher and workload return codes are now recorded in logs.
- A bug that prevented Docker from pulling images has been fixed.
February 27, 2023
The service account attached to a Confidential Space workload VM now requires the confidentialcomputing.workloadUser role to generate an attestation token. If you receive a permission denied message for confidentialcomputing.locations.list on your existing workload, add the role to the VM service account.
December 02, 2022
Preview: Confidential Space is designed to let parties share sensitive data with a mutually agreed upon workload, while they retain confidentiality and ownership of that data. Such data might include personally identifiable information (PII), protected health information (PHI), intellectual property, cryptographic secrets, and more. Confidential Space helps create isolation so that data is only visible to the workload and the original owners of the data.